OpenSSH 7.2 ·¢²¼ÁË£¬²¢ÇҺܿé¿ÉÔÚËùÓÐÖ§³ÖµÄƽ̨ÏÂÔØ¡£
¸ù¾ÝÄÚ²¿·¢²¼¹«¸æ£¬OpenSSH 7.2 Ö÷ÒªÊÇ bug ÐÞ¸´£¬ÐÞ¸ÄÁË×Ô OpenSSH 7.1p2 ÒÔÀ´ÓÉÓû§±¨¸æºÍ¿ª·¢ÍŶӷ¢ÏÖµÄÎÊÌ⣬µ«ÊÇÎÒÃÇ¿ÉÒÔ¿´µ½¼¸¸öй¦ÄÜ¡£
ÕâÆäÖУ¬ÎÒÃÇ¿ÉÒÔÌᵽʹÓÃÁË SHA-256 »òÕß SHA-256 512 ¹þÏ£Ëã·¨µÄ RSA Ç©Ãû£»Ôö¼ÓÁËÒ»¸ö AddKeysToAgent ¿Í»§¶ËÑ¡ÏÒÔÌí¼ÓÓÃÓÚÉí·ÝÑéÖ¤µÄ ssh-agent µÄ˽Կ£»ºÍʵÏÖÁËÒ»¸ö¡°restrict¡±¼¶±ðµÄ authorized_keys Ñ¡ÏÓÃÓÚ´æ´¢ÃÜÔ¿ÏÞÖÆ¡£
´ËÍ⣬ÏÖÔÚ ssh_config ÖÐ CertificateFile Ñ¡Ïî¿ÉÒÔÃ÷È·ÁгöÖ¤Ê飬ssh-keygen ÏÖÔÚÄܹ»¸Ä±äËùÓÐÖ§³ÖµÄ¸ñʽµÄÃÜÔ¿×¢ÊÍ¡¢ÃÜÔ¿Ö¸ÎÆÏÖÔÚ¿ÉÒÔÀ´×Ô±ê×¼ÊäÈ룬¶à¸ö¹«Ô¿¿ÉÒԷŵ½Ò»¸öÎļþ¡£
ssh-keygen ÏÖÔÚÖ§³Ö¶àÖ¤Êé
³ýÁËÉÏÃæÌáµ½µÄ£¬OpenSSH 7.2 Ôö¼ÓÁË ssh-keygen ¶àÖ¤ÊéµÄÖ§³Ö£¬Ò»¸öÒ»ÐУ¬ÊµÏÖÁË sshd_config ChrootDirectory ¼°Foreground µÄ¡°none¡±²ÎÊý£¬¡°-c¡±±êÖ¾ÔÊÐí ssh-keyscan »ñÈ¡Ö¤Êé¶ø²»ÊÇÎı¾ÃÜÔ¿¡£
×îºóµ«²¢·Ç×î²»ÖØÒªµÄ£¬OpenSSH 7.3 ²»ÔÙĬÈÏÆôÓà rijndael-cbc£¨¼´ AES£©£¬blowfish-cbc¡¢cast128-cbc µÈ¹ÅÀϵÄËã·¨£¬Í¬ÑùµÄ»¹ÓлùÓÚ MD5 ºÍ½Ø¶ÏµÄ HMAC Ëã·¨¡£ÔÚ Linux ÖÐÖ§³Ö getrandom() ϵͳµ÷Óá£
Èí¼þÏêÇ飺http://www.openssh.com/txt/release-7.2
ÏÂÔصØÖ·£ºhttp://linux.softpedia.com/get/Security/OpenSSH-4474.shtml
À´×Ô:¿ªÔ´ÖйúÉçÇø
